Network Education Archives
Network Education Archives is a node in Hacknet.

Description

This server acts as an archive of information about shells, proxies, firewalls and tracers.

Articles

* Proxy Server Quick Guide

Proxy servers function as a buffering layer between a target computer and a connecting counterpart that filters, caches and monitors incoming traffic to both optimize web performance for repeated queries, and prevent some kinds of attacks.

The most well-recognized flaw in proxy servers is their upper memory limit - which reached will force them to allow unchecked traffic to pass through. To exploit this, hackers and testers will often run Shells on other computers that an attacker has access to (Often using the built in "shell" program), then, with a collection of shells on servant machines, will connect to a target computer, and use the shells "overload" functionality to flood the target's proxy server with junk data, allowing other, potentially harmful traffic through.

* .exe Files and Remote Execution

The exe command on modern terminals executes a file residing on the local machine of the running user, targeting that program at the machine the local user is connected to. Effectively the command acts as a semantic shortcut, and prevents the need for the IP address of the connected machine being added as an argument for any run command. This also allows for multiple programs to send traffic over the same socket, increasing network efficiency at an OS level.

Of course, many exe files are not written to have any function over a network, and in this case, the program will ignore the cross-network socket available to it and simply perform its function locally.

* Shells

Shells are compact, low memory remote processes running on a separate machine that can be controlled locally from any connection.
These incredibly convenient processes are useful for many tasks, though what they are capable of is determined by the type of shell being run. Common functions across networks include:

Overload: Designed to test networks and proxy servers, this functionality floods the target machine with junk network traffic from the node running the shell, filling up proxy server memory and soaking cpu time.

Trap: A shell running this mode will notify the running user when a foreign user connects to the machine running the shell, and allow an emergency forkbomb flood to be executed on all other users connected to it remotely. This can be incredibly useful for maintaining the security of a remote networked computer while doing other work.

* Firewall Analysis and Solutions

Firewalls have been around for a very long time in computer security, most often serving to prevent automated foreign network traffic rather than secure against dedicated hackers. Modern firewalls however can be configured to prevent *all* security-critical traffic unless it is prefixed by a firewall solution (often referred to as a password to end-users - though there is a distinct difference between the two).

In this situation, the firewall solution will need to be provided before an unsyndicated login attempt can be attempted - effectively meaning that any known password cracking software will be useless while a firewall is active.

Firewall complexity can be examined with the "analyze" command - running the analyze command multiple times will automatically detect patterns in the response data headers and will eliminate characters it can guarantee are not a part of the correct firewall solution.
Once a potential solution is found, the command "solve FIREWALL_SOLUTION" can be used to attempt to syndicate

* Proxy Servers - Advanced

Proxy servers are essentially a secondary computer that you connect to a target through, which filters and caches network traffic to provide security and increase web performance on highly-requested information.

Proxies are configured by default to ward off traffic that might be considered a network threat (such as FTP Flooding), at the cost of needing to whitelist desirable traffic (such as youtube video streaming traffic). This means that while they can be inconvenient for some users while they are being correctly configured, they can entirely prevent the execution of programs that could compromise a port or security service.

The most well-recognized flaw in proxy servers is their upper memory limit - which reached will force them to either entirely shut down the network they are connected to (a feature which is hardly ever utilized) or allow unchecked traffic to pass through. Because of this, increasing network security budgets have led to more robust proxy servers with significantly more memory, making the process of overloading one a long and daunting task, nigh impossible with a single machine.

* Traces - Passive

In response to the increasingly hostile and active world of computer security and hacking, new digital security suites will generally include some method of tracking the location of any "hostile" activity taken against said server. This is naturally an imperfect science, so there are 2 generally recognized forms of traces, Active and Passive. This article describes Passive Traces.

1: Passive Traces
-----------------

A passive trace is a computer program running on a machine that attempts to detect hostile action and mount a tracing action against it. The method of doing so varies from program to program (and consequently the time it generally takes to complete does too).
A passive trace can in theory be prevented from completing by using a self-induced crash at the exact time that the ping arrives from the hostile server, giving it no return, such that it assumes the packet never arrived. This would require OS-level integration though, and is not a known feature on any widely recognized OS, leaving this an effective tracking method for would-be assailants.

* Traces - Active

In response to the increasingly hostile and active world of computer security and hacking, new digital security suites will generally include some method of tracking the location of any "hostile" activity taken against said server. This is naturally an imperfect science, so there are 2 generally recognized forms of traces: This article describes Active Traces.

2: Active Traces
----------------

An active trace is a tracking effort undertaken by an individual working against either a currently active connection or, more commonly, logs left on a server by a careless hacker. An active trace is un-trackable and is generally done by attempting to breach security on nodes used in the routing path and observing the connection route logs.

An active trace can be prevented by wiping away a chain in the connection link such that the pursuer has nothing to follow, and as such it is recommended that if an active trace is to be mounted against an assailant, it is done as soon as possible.